Update: As of 9/20/22, privacy controls and web protection configuration for Android MAM are now generally available.
Microsoft Defender for Endpoint (MDE) for Android and iOS helps protect organizations and enterprise users by safeguarding their mobile devices from cyber threats. As the threat landscape evolves, our journey in providing the most complete and robust Mobile Threat Defense solution for our customers continues.
Taking our next step on this journey, we are excited to announce a handful of new features that are generally available: Privacy Controls, Optional Permissions and Disable Web protection.
Admins can set up privacy policies in Microsoft Defender for Endpoint on Android and iOS aligned to their organization’s needs while instilling confidence with end users that Microsoft respects their privacy and does not look at personal data. Additional granular controls are offered to further configure privacy settings so both admins and end users have more control over the data being sent in threat reports.
iOS- Microsoft Defender for Endpoint on iOS enables Privacy Controls for both admins and end users. This includes controls for enrolled Mobile Device Management (MDM) as well as unenrolled Mobile Application Management (MAM) devices. Admins can configure privacy settings for the phish and network reports, while end users can configure the information shared with their organization through the Defender app settings. See Privacy Controls in iOS.
Android- Microsoft Defender for Endpoint on Android also enables Privacy Controls for both admins and end users. Admins can now enable privacy controls for the phish report, malware report and network report, while end users can enable controls through the Defender app settings. See Privacy Controls in Android for Enrolled Devices for more details.
Note: Similar privacy controls for Android unenrolled MAM devices are currently in preview. To learn more, please review Privacy Controls for MAM.
Microsoft Defender for Endpoint now enables admins to skip some permissions in the onboarding flow. Previously, MDE required all permissions to be addressed during onboarding.
iOS- With this feature, admins can deploy MDE on BYOD devices without enforcing the mandatory VPN permission during onboarding. End users can also onboard the app without these mandatory permissions and review those permissions later. Even if the user has skipped the VPN, the device will be able to onboard. This feature is only available for enrolled devices (MDM) currently. Please see Optional Permissions on iOS for MDM for more details.
Android- Microsoft Defender for Endpoint on Android enables Optional Permissions in the onboarding flow. Currently the permissions required by MDE are mandatory in the onboarding flow. With this feature, admins can deploy MDE on Android devices with MAM policies without enforcing the mandatory VPN and accessibility permissions during onboarding. End users can onboard the app without the mandatory permissions and can review these permissions later. This feature is only available for unenrolled devices (MAM) currently. Please see Optional Permissions on Android for MAM for more details.
Disable Web Protection
Customers who do not want to set up a VPN can configure MDE to disable Web Protection and deploy it without that feature. Other MDE features will continue to work. On iOS, this configuration is available for both enrolled (MDM) devices and unenrolled (MAM) devices. Please see Disable Web Protection on iOS for more details. For Android, this feature is already available for MDM devices; for MAM devices, it is coming soon.
We want to hear from you! Let us know what you think about this new wave of features.